Patchwork [v2] tests: set MALLOC_PERTURB_ to expose memory bugs

Submitter Stefan Hajnoczi
Date May 21, 2013, 12:43 p.m.
Message ID <1369140202-5848-1-git-send-email-stefanha@redhat.com>
Permalink /patch/245304/
State New

Comments

Stefan Hajnoczi - May 21, 2013, 12:43 p.m.
glibc wipes malloc(3) memory when the MALLOC_PERTURB_ environment
variable is set.  The value of the environment variable determines the
bit pattern used to wipe memory.  For more information, see
http://udrepper.livejournal.com/11429.html.

Set MALLOC_PERTURB_ for gtester and qemu-iotests.  Note we pick a random
value from 1 to 255 to expose more bugs.  If you need to reproduce a
crash use 'show environment' in gdb to extract the MALLOC_PERTURB_
value from a core dump.

Both make check and qemu-iotests pass with MALLOC_PERTURB_ enabled.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 tests/Makefile           | 5 ++++-
 tests/qemu-iotests/check | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)
Eric Blake - May 21, 2013, 12:56 p.m.
On 05/21/2013 06:43 AM, Stefan Hajnoczi wrote:
> glibc wipes malloc(3) memory when the MALLOC_PERTURB_ environment
> variable is set.  The value of the environment variable determines the
> bit pattern used to wipe memory.  For more information, see
> http://udrepper.livejournal.com/11429.html.
> 
> Set MALLOC_PERTURB_ for gtester and qemu-iotests.  Note we pick a random
> value from 1 to 255 to expose more bugs.  If you need to reproduce a
> crash use 'show environment' in gdb to extract the MALLOC_PERTURB_
> value from a core dump.
> 
> Both make check and qemu-iotests pass with MALLOC_PERTURB_ enabled.
> 
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
>  tests/Makefile           | 5 ++++-
>  tests/qemu-iotests/check | 3 ++-
>  2 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/tests/Makefile b/tests/Makefile
> index a307d5a..24880c6 100644
> --- a/tests/Makefile
> +++ b/tests/Makefile
> @@ -171,6 +171,7 @@ GCOV_OPTIONS = -n $(if $(V),-f,)
>  $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: $(check-qtest-y)
>  	$(if $(CONFIG_GCOV),@rm -f *.gcda */*.gcda */*/*.gcda */*/*/*.gcda,)
>  	$(call quiet-command,QTEST_QEMU_BINARY=$*-softmmu/qemu-system-$* \
> +		MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \

This is a Makefile; don't you need to use $$ instead of $ (three instances)?

$RANDOM is a bash-ism.  If make is run with SHELL as /bin/sh on a
platform where dash is the primary shell, it will fail:

$ dash -c 'echo $(($RANDOM % 255))'
dash: 1: arithmetic expression: expecting primary: " % 255"

HOWEVER: you can exploit the fact that inside $(()), you don't need $ to
use the value of a defined variable, and also the fact that unless set
-u is in effect, an undefined variable name silently evaluates as 0:

$ dash -c 'echo $((RANDOM % 255))'
0

then you could write the shell code:

	MALLOC_PERTURB_=${MALLOC_PERTURB_:-$((RANDOM % 255 + 1))}

or the Makefile code:

	MALLOC_PERTURB_=$${MALLOC_PERTURB_:-$$((RANDOM % 255 + 1))}

and things will at least work on /bin/sh as dash (even though there will
be no randomness and you are always testing with 1 in that case).

> @@ -180,7 +181,9 @@ $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: $(check-qtest-y)
>  .PHONY: $(patsubst %, check-%, $(check-unit-y))
>  $(patsubst %, check-%, $(check-unit-y)): check-%: %
>  	$(if $(CONFIG_GCOV),@rm -f *.gcda */*.gcda */*/*.gcda */*/*/*.gcda,)
> -	$(call quiet-command,gtester $(GTESTER_OPTIONS) -m=$(SPEED) $*,"GTESTER $*")
> +	$(call quiet-command, \
> +		MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \

More missing $$, and a case where RANDOM is better than $RANDOM for dash.

> +		gtester $(GTESTER_OPTIONS) -m=$(SPEED) $*,"GTESTER $*")
>  	$(if $(CONFIG_GCOV),@for f in $(gcov-files-$(subst tests/,,$*)-y); do \
>  	  echo Gcov report for $$f:;\
>  	  $(GCOV) $(GCOV_OPTIONS) $$f -o `dirname $$f`; \
> diff --git a/tests/qemu-iotests/check b/tests/qemu-iotests/check
> index 432732c..74628ae 100755
> --- a/tests/qemu-iotests/check
> +++ b/tests/qemu-iotests/check
> @@ -214,7 +214,8 @@ do
>  	start=`_wallclock`
>  	$timestamp && echo -n "	["`date "+%T"`"]"
>  	[ ! -x $seq ] && chmod u+x $seq # ensure we can run it
> -	./$seq >$tmp.out 2>&1
> +	MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \
> +		./$seq >$tmp.out 2>&1

THIS file requires /bin/bash, so using a bashism here is just fine.
Stefan Hajnoczi - May 21, 2013, 3:17 p.m.
On Tue, May 21, 2013 at 06:56:07AM -0600, Eric Blake wrote:
> On 05/21/2013 06:43 AM, Stefan Hajnoczi wrote:
> > glibc wipes malloc(3) memory when the MALLOC_PERTURB_ environment
> > variable is set.  The value of the environment variable determines the
> > bit pattern used to wipe memory.  For more information, see
> > http://udrepper.livejournal.com/11429.html.
> > 
> > Set MALLOC_PERTURB_ for gtester and qemu-iotests.  Note we pick a random
> > value from 1 to 255 to expose more bugs.  If you need to reproduce a
> > crash use 'show environment' in gdb to extract the MALLOC_PERTURB_
> > value from a core dump.
> > 
> > Both make check and qemu-iotests pass with MALLOC_PERTURB_ enabled.
> > 
> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> > ---
> >  tests/Makefile           | 5 ++++-
> >  tests/qemu-iotests/check | 3 ++-
> >  2 files changed, 6 insertions(+), 2 deletions(-)
> > 
> > diff --git a/tests/Makefile b/tests/Makefile
> > index a307d5a..24880c6 100644
> > --- a/tests/Makefile
> > +++ b/tests/Makefile
> > @@ -171,6 +171,7 @@ GCOV_OPTIONS = -n $(if $(V),-f,)
> >  $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: $(check-qtest-y)
> >  	$(if $(CONFIG_GCOV),@rm -f *.gcda */*.gcda */*/*.gcda */*/*/*.gcda,)
> >  	$(call quiet-command,QTEST_QEMU_BINARY=$*-softmmu/qemu-system-$* \
> > +		MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \
> 
> This is a Makefile; don't you need to use $$ instead of $ (three instances)?
> 
> $RANDOM is a bash-ism.  If make is run with SHELL as /bin/sh on a
> platform where dash is the primary shell, it will fail:
> 
> $ dash -c 'echo $(($RANDOM % 255))'
> dash: 1: arithmetic expression: expecting primary: " % 255"
> 
> HOWEVER: you can exploit the fact that inside $(()), you don't need $ to
> use the value of a defined variable, and also the fact that unless set
> -u is in effect, an undefined variable name silently evaluates as 0:
> 
> $ dash -c 'echo $((RANDOM % 255))'
> 0
> 
> then you could write the shell code:
> 
> 	MALLOC_PERTURB_=${MALLOC_PERTURB_:-$((RANDOM % 255 + 1))}
> 
> or the Makefile code:
> 
> 	MALLOC_PERTURB_=$${MALLOC_PERTURB_:-$$((RANDOM % 255 + 1))}
> 
> and things will at least work on /bin/sh as dash (even though there will
> be no randomness and you are always testing with 1 in that case).

Silly me.  I did test it but it silently "worked".

Will resend.

Stefan
Eric Blake - May 21, 2013, 3:58 p.m.
On 05/21/2013 09:17 AM, Stefan Hajnoczi wrote:
>>> +		MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \
>>
>> This is a Makefile; don't you need to use $$ instead of $ (three instances)?
>>

> 
> Silly me.  I did test it but it silently "worked".

Yep, quite a fluke.  GNU Make expands it to:

MALLOC_PERTURB_=

which meant you were setting it to the empty variable; and thus had no
randomness but no syntax error to tell you your mistake.
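
Added example, not part of the thread or the QEMU tree: a POSIX sh helper that keeps the patch's preset-wins behaviour but, unlike the bare `RANDOM` form discussed above, still draws a random value under dash and fails loudly when it cannot. The names `pick_perturb` and `run_perturbed` and the /dev/urandom fallback are assumptions of this example.

```shell
#!/bin/sh
# Added example (not QEMU code): pick_perturb and run_perturbed are hypothetical helpers.

# Print the MALLOC_PERTURB_ value to use: a preset value wins, otherwise 1..255.
pick_perturb() {
    # Same precedence as ${MALLOC_PERTURB_:-...} in the patch: a non-empty preset is kept.
    if [ -n "${MALLOC_PERTURB_:-}" ]; then
        echo "$MALLOC_PERTURB_"
        return 0
    fi
    # bash, ksh and zsh provide RANDOM; under dash it is unset and expands to nothing.
    r=${RANDOM:-}
    if [ -z "$r" ]; then
        # POSIX fallback (assumption of this example): one byte, 0..255, from /dev/urandom.
        r=$(od -An -N1 -tu1 /dev/urandom 2>/dev/null | tr -dc '0-9')
    fi
    # Fail loudly instead of silently testing with a fixed or empty pattern.
    case $r in
        ''|*[!0-9]*) echo "pick_perturb: no random source" >&2; return 1 ;;
    esac
    echo $(( r % 255 + 1 ))
}

# Run a command with MALLOC_PERTURB_ set, logging the value so a crash can be replayed.
run_perturbed() {
    p=$(pick_perturb) || return 1
    echo "MALLOC_PERTURB_=$p" >&2
    env MALLOC_PERTURB_="$p" "$@"
}

# Stand-alone use: sh this-file.sh ./some-test
if [ "$#" -gt 0 ]; then
    run_perturbed "$@"
fi
```

The value logged on stderr can be exported again as MALLOC_PERTURB_ to rerun a failing test with the same byte pattern.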

Patch

diff --git a/tests/Makefile b/tests/Makefile
index a307d5a..24880c6 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -171,6 +171,7 @@  GCOV_OPTIONS = -n $(if $(V),-f,)
 $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: $(check-qtest-y)
 	$(if $(CONFIG_GCOV),@rm -f *.gcda */*.gcda */*/*.gcda */*/*/*.gcda,)
 	$(call quiet-command,QTEST_QEMU_BINARY=$*-softmmu/qemu-system-$* \
+		MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \
 		gtester $(GTESTER_OPTIONS) -m=$(SPEED) $(check-qtest-$*-y),"GTESTER $@")
 	$(if $(CONFIG_GCOV),@for f in $(gcov-files-$*-y); do \
 	  echo Gcov report for $$f:;\
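Review bot: The added MALLOC_PERTURB_ line in the check-qtest-% recipe uses a single `$`, so make expands `${MALLOC_PERTURB_:-...}` and `$((...))` as its own references before the shell runs, and the shell never sees the parameter expansion. Escape each shell dollar as `$$`, and drop the `$` in front of RANDOM inside the arithmetic so the recipe still parses under a /bin/sh that has no RANDOM: `MALLOC_PERTURB_=$${MALLOC_PERTURB_:-$$((RANDOM % 255 + 1))}`. On such a shell the value is always 1, which is worth stating next to the commit message's "random value from 1 to 255".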
@@ -180,7 +181,9 @@  $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: $(check-qtest-y)
 .PHONY: $(patsubst %, check-%, $(check-unit-y))
 $(patsubst %, check-%, $(check-unit-y)): check-%: %
 	$(if $(CONFIG_GCOV),@rm -f *.gcda */*.gcda */*/*.gcda */*/*/*.gcda,)
-	$(call quiet-command,gtester $(GTESTER_OPTIONS) -m=$(SPEED) $*,"GTESTER $*")
+	$(call quiet-command, \
+		MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \
+		gtester $(GTESTER_OPTIONS) -m=$(SPEED) $*,"GTESTER $*")
 	$(if $(CONFIG_GCOV),@for f in $(gcov-files-$(subst tests/,,$*)-y); do \
 	  echo Gcov report for $$f:;\
 	  $(GCOV) $(GCOV_OPTIONS) $$f -o `dirname $$f`; \
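Review bot: The MALLOC_PERTURB_ line added ahead of gtester in the check-% recipe repeats the same unescaped `${...}` and `$((...))` expression as the check-qtest-% recipe, so it needs the same `$$` escaping and the bare `RANDOM` form. Since the expression now appears twice in this Makefile, consider defining it once in a make variable and referencing that from both recipes so the two copies cannot drift apart.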
diff --git a/tests/qemu-iotests/check b/tests/qemu-iotests/check
index 432732c..74628ae 100755
--- a/tests/qemu-iotests/check
+++ b/tests/qemu-iotests/check
@@ -214,7 +214,8 @@  do
 	start=`_wallclock`
 	$timestamp && echo -n "	["`date "+%T"`"]"
 	[ ! -x $seq ] && chmod u+x $seq # ensure we can run it
-	./$seq >$tmp.out 2>&1
+	MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \
+		./$seq >$tmp.out 2>&1
 	sts=$?
 	$timestamp && _timestamp
 	stop=`_wallclock`
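Review bot: The value chosen on the new `MALLOC_PERTURB_=... ./$seq` line is recomputed for every test inside the loop and is never printed or written to `$tmp.out`, so a failure that leaves no core dump cannot be rerun with the same pattern. Store the value in a variable first and echo it alongside the test's output before invoking `./$seq`. The `$RANDOM` form is acceptable here only while this script keeps a bash interpreter line, which is outside the visible context.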